CMMC Level 2 help for small defense shop

Looking for practical training/resources to get our shop squared away on CMMC Level 2 and day-to-day ITAR/CUI handling without killing cycle time. We’ve got Secret clearances on the cell leads, JCP in place, and a UMC-750 plus Okuma M560, but I need guidance on secure DNC/air-gapped file flow, traveler controls, and material cert traceability — courses, checklists, or vendors you trust?


We solved “traveler controls” and secure DNC by moving programs on a physically write‑protected SD card in a USB adapter to the UMC‑750/M560 — controls can read, but can’t write back — so the air‑gap stays intact; we prefix every NC file with the traveler ID and print the same ID on cert PDFs for traceability. Costs about $50 and adds about 30–45 seconds per setup; if your control ignores write‑protect, stick a USB write‑blocker inline.


On the M560/UMC-750 we print QR-coded travelers linked to an offline vault; https://www.projectspectrum.io; laminate non‑CUI only. Template?


Quick example: on our M560 we locked out Ethernet and ran DNC over RS‑232 one‑way from a fanless box with the RX pin physically gone, so programs go in but edited code can’t come back — “no CUI leaves the control.” If you need drip‑feed on the Haas 5‑axis, enable hardware flow control or you’ll choke the buffer at higher baud.


With JCP, ProShop flags CUI, links cert scans to lots — pricey, but traceability’s painless. Blue Cyber’s free CMMC primers helped: https://bluecyber.org.


We ended up using a tiny NUC as a staging box with two NICs — pulls from the CUI vault, pushes to the control through a dumb serial server only — and we print the program’s SHA‑256 as a QR on the traveler so the operator/QA can verify the exact file at the panel. For traveler handling, we slide CUI packets under an SF 901 cover sheet and only laminate non‑CUI op notes, which kept DCMA happy without slowing setups. For training/vendors, the Cyber AB marketplace has solid CMMC L2 options (https://cyberab.org), but skip anyone promising “ready in a week” unless you want security theater?
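
Added example, not from any poster in this thread: a check the staging box could run before media goes to the control, combining the traveler-ID file prefix and the SHA-256 printed on the traveler that the replies above describe. The `<ID>_` naming pattern, the status names, and the sample files are assumptions constructed for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_file(path, chunk=65536):
    """Stream the file so large NC programs need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify_media(media_dir, traveler_id, manifest):
    """manifest: file name -> SHA-256 hex from the traveler. Returns statuses."""
    results = {}
    for path in sorted(Path(media_dir).iterdir()):
        if not path.is_file():
            continue
        expected = manifest.get(path.name)
        if not path.name.startswith(traveler_id + "_"):  # assumed "<ID>_" prefix
            results[path.name] = "WRONG_TRAVELER"
        elif expected is None:
            results[path.name] = "NOT_ON_TRAVELER"
        elif hmac.compare_digest(sha256_file(path), expected.lower()):
            results[path.name] = "OK"
        else:
            results[path.name] = "HASH_MISMATCH"
    for name in manifest:  # programs the traveler lists but the media lacks
        results.setdefault(name, "MISSING")
    return results

def demo():
    """Constructed sample files: one good, one edited, one stray, one absent."""
    with tempfile.TemporaryDirectory() as tmp:
        media = Path(tmp)
        good = b"O1001 (OP10)\nG90 G54\nM30\n"
        (media / "T000123_op10.nc").write_bytes(good)
        (media / "T000123_op20.nc").write_bytes(b"O1002 (EDITED)\nM30\n")
        (media / "T000999_op10.nc").write_bytes(good)  # belongs to another job
        manifest = {
            "T000123_op10.nc": hashlib.sha256(good).hexdigest(),
            "T000123_op20.nc": hashlib.sha256(b"O1002 (OP20)\nM30\n").hexdigest(),
            "T000123_op30.nc": hashlib.sha256(b"O1003\nM30\n").hexdigest(),
        }
        return verify_media(media, "T000123", manifest)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:16} {name}")
```

Any status other than `OK` should hold the media at the staging box; the same digest is what the operator or QA compares against the QR at the panel.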
